A company is handling sensitive customer data and wants to ensure that no unauthorized data transfers occur. They need a solution that automates the discovery and classification of data and enforces rules to prevent data leaks. Which of the following should they implement?

Implementing Data Loss Prevention (DLP) is the most suitable choice for the scenario described. DLP solutions are specifically designed to protect sensitive information from unauthorized access and transfer. They automate the discovery and classification of data, allowing organizations to identify where sensitive data resides and to apply appropriate security measures.

DLP systems enforce policies that prevent data breaches by monitoring data in use, in motion, and at rest. They can block, encrypt, or alert on attempts to transfer sensitive information outside authorized channels, thereby minimizing the risk of data leaks. This proactive approach ensures compliance with data protection regulations and safeguards customer trust.

In contrast, while an intrusion detection system (IDS) focuses on detecting suspicious activities and potential intrusions, it does not have capabilities to prevent data leaks directly. Security information and event management (SIEM) systems gather and analyze logs to identify security incidents but lack the direct data protection features found in DLP. File Integrity Monitoring (FIM) is used to detect unauthorized changes to files, which is important for maintaining the integrity of data but does not address unauthorized data transfers.

Thus, DLP is the most effective method for automating the discovery and classification of sensitive data, while concurrently enforcing measures to prevent unauthorized data transfers.